On Wednesday November 29th, the Qatar-America Institute co-hosted an open discussion with The Cipher Brief on the cyber attack against the Qatar News Agency and its implications for national security, international norms, and regional geopolitics. The panel featured Suzanne Kelly, CEO of The Cipher Brief, and legal scholar and national security expert Paul Rosenzweig. The discussion was moderated by Former Director of the CIA and NSA, Gen. Michael Hayden.
The discussion coincided with QAI’s publication of a comprehensive report on the cyber attack, titled “Cyber Attack on the Qatar News Agency: Fake News, Cyber War, and an Attack on International Norms of Sovereignty.” The report features new, exclusive information received from the government of Qatar about the cyber attack, including a detailed timeline of the intrusion and network traffic during the time of the attack.
The on-the-record discussion largely agreed that activity like the cyber attack on Qatar was unjustified and destabilizing. While it is profoundly challenging to deter such attacks, it is imperative that the international community do so or the problem of cyber conflict and “gray zone” warfare will only worsen. Comparisons were drawn between the cyber attack on Qatar and foreign disruption of the 2016 presidential campaign, as well as politically-motivated cyber attacks on banking institutions. Beyond the challenge of proving the attribution of an attack beyond a reasonable doubt, it is extremely difficult to effectively signal to a foreign adversary that such attacks will cost their perpetrators.
It was furthermore discussed how the diplomatic crisis that followed the cyber attack impacts regional security. In severing diplomatic ties with Qatar, the siege countries cut off cyber security information-sharing agreements with Qatar, rendering all the countries more vulnerable. With so much oil and gas infrastructure in the region, running mostly on internet-connected SCADA systems, the diminished security posture of these countries increases the risk of a cyber attack on the petrochemical industry with cataclysmic implications for global energy markets.
Overall, it was agreed that states must rise to the challenge of holding the perpetrators of cyber attacks accountable and signaling that they will be punished appropriately. Because cyber warfare is so easy to carry out — and capabilities are becoming increasingly dispersed — it is critical to contain the growing instability within the domain before it spirals out of control.
Read The Cipher Brief’s coverage of the event here.